It's harder to get a generic exploit that will give you access to a lot of targets. But I'd argue that finding an exploit for a particular target would be easier.